Solved

Random Password not Updating in Database

Posted on 2004-04-28
Last Modified: 2008-02-01
Hi there,

The scripts below, remember_me.php and function.inc.php, are supposed to generate a random password and update the corresponding field in the database.

Once prompted, they generate the random password and send it to the user's email.  But the generated password is not updated in the database, so the user cannot log in.

Can someone help me see where I'm going wrong?

remember_me.php Script
===================
<?php
//Brian's code starts here
include "functions.inc.php";
include "error_messages.inc.php";
//action=add means the user pressed the submit button
if ($action =="email")
{
 $error_found=false;
 $error="";
 //start validating the user input
 if($email=="")
 {
  $error_found=true;
  $error.=ERR_EMAIL_BLANK;
 }

if(!$error_found)
{
      {
            //{
            $host="mysql.xcalibre.co.uk";
            $uname="xxxxxx";
            $pass="xxx";
            $database="xxxxx";
            $tablename="g_workers";

            $connect= mysql_connect($host,$uname,$pass) or die("Could not connect you to Bizafrican Database! <br>");

            $selectdb=mysql_select_db($database) or die("Could not select the Bizafrican Database for you");

            $mingle   = "decode(password, '".$password."')";  
            $sqlquery = ("select email,username, " .$mingle. " as password from g_workers where email ='".$email ."' ");
            $queryresult = mysql_query($sqlquery,$connect)or die("could not execute the query.");
            if ($row = mysql_fetch_array($queryresult))
            {
            $email =  $row["email"];
            $from     = "dba@guardwise.com";
            $subject  =  "Guardwise.com - Important message for you";
            $message  =  "Your username is:  ". $row["username"]."\n".
                               "Your password is:  ". new_password($row["username"])."\n";//edited here              
            $message   .=  "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.\n
 DBA/Support";
             
            mail($email,$subject,$message,"From: sssssssss.com <dba@ssssssssss.com>");
            Header("Location: http://www.sssssss.com/remember_done.htm");
            exit;
            }
            else
            {

              $error_found=true;
              $error.=ERR_EMAIL_NONE;
            }
      }
}
}
?>
==========================
Functions Script
==========
<?php
//this function generate the select box for the selected external file
function makeCombo($optname,$optfile,$optsel,$optex,$optremove='-1000'){ //returns string containing select tag
if(!is_array($optremove)) $optremove=explode(",",$optremove);
$combo="<select name='$optname' $optex>";
include $optfile;

foreach($manutmp as $key => $value){

      $tosel="";
      if($optsel==$key){
      $tosel="selected";
      }
            
      if(in_array($key,$optremove) == false)$combo.="<option value='$key' $tosel>$value\n";
      
      }
$combo.="</select>";
return $combo;
}

//this will return the select value from the select box
function getComboValue($optfile,$optkey){
include $optfile;
return $manutmp[$optkey];
}

//encrypt the password
function encrypt_password($input)
{
 return md5($input);
}

//generate the random password
function new_password ($userid,$length=10) {
      // if you want extended ascii, then add the characters to the array
      $characters = array('a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z','A','B','C','D','E','F','G','H','I','J','K','L','M','N','O','P','Q','R','S','T','U','V','W','X','Y','Z','0','1','2','3','4','5','6','7','8','9');
      $random_str = "";
      srand((double)microtime()*1000000); // seed once, not on every iteration
      for ($i = 0; $i < $length; $i++) { // exactly $length characters
            $random_chr = rand(0, count($characters)-1);
            $random_str .= $characters[$random_chr];
      }
      
      //update the password for the user in the database
      //update table password = encrypt_password($random_str)
      $db_name = "afrika";
      $table_name = "biznames";
      $connection = @mysql_connect("mysql.xcalibre.co.uk", "bbbbbb", "bbbbb") or die("Couldn't connect.");
      $db = @mysql_select_db($db_name, $connection) or die("Couldn't select database.");
      $sql = "UPDATE $table_name
              SET
              password = '". md5($random_str) ."'
              WHERE email = '". $email ."'
              ";
      $result = mysql_query($sql,$connection) or die("Couldn't execute query.");
      return $random_str;
}
?>
Question by:Senyonjo
7 Comments
 

Accepted Solution

by:
eeBlueShadow earned 125 total points
ID: 10944449
Hi,

Normally, when you have a problem with an SQL query, a good bet is to scho it to screen in testing to see what's wrong.

If you did this in your case, I imagine you'd find that the WHERE clause is looking for a blank email address. Inside a function, variables that you set outside of the function aren't available by default. You have to declare them as global variables for them to be seen inside the function.

There are 2 solutions. The easiest is to put the line "global $email;" as the first line of the new-password function. This will work fine, but a better method would be to pass the email address as a third argument to the function. I'll try and dig out a link explaining why global variables aren't always the best idea, but either of those should work for now.

Expert Comment

by:eeBlueShadow
ID: 10944509
This thread on siteforums.com (http://www.sitepoint.com/forums/showthread.php?t=156431) explains the main reasons.

While none of them are likely to affect you in any way in this script, and either of my solutions above are valid, it's nothing more than a good practise to get into, because passing variables in a function's parameter list is foolproof, whereas using global variables isn't. Why waste the time to make a case by case decision about which to use?

I hope this a) fixes your problem and b) gives you a useful insight into further PHP programming,

_Blue

P.S. It's supposed to say "to echo it to screen" in my above post, if you hadn't guessed.

Assisted Solution

by:jkna_gunn
jkna_gunn earned 125 total points
ID: 10946917
Also make sure that the password field can take the size of an md5 string.
0
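
The two points raised in the answers above, combined in one added example (not code from the question or from either answerer): the email address is passed to the function as a parameter, and the password column is declared wide enough for the stored hash. Assumptions: PHP 7+ with pdo_sqlite, an in-memory SQLite table standing in for the MySQL one, the g_workers table name taken from the question's SELECT, and md5() plus string-built SQL swapped for password_hash() and a prepared statement.

```php
<?php
// Added example: the table name follows the question's SELECT; the SQLite
// in-memory database and the sample row are constructed for illustration.

function new_password(PDO $db, string $email, int $length = 10): string
{
    $chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
    $password = '';
    for ($i = 0; $i < $length; $i++) {           // exactly $length characters
        $password .= $chars[random_int(0, strlen($chars) - 1)];
    }

    // $email arrives as a parameter, so the WHERE clause cannot end up blank
    // because of function scope; the placeholder keeps it out of the SQL text.
    $stmt = $db->prepare('UPDATE g_workers SET password = :hash WHERE email = :email');
    $stmt->execute([
        ':hash'  => password_hash($password, PASSWORD_DEFAULT),
        ':email' => $email,
    ]);

    // An UPDATE that matches no row is not an SQL error; check the count
    // so a silent no-op cannot be mistaken for success.
    if ($stmt->rowCount() !== 1) {
        throw new RuntimeException('No account updated for that address');
    }
    return $password;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// VARCHAR(255) leaves room for password_hash() output (60 chars for bcrypt); md5() needs 32.
$db->exec('CREATE TABLE g_workers (email VARCHAR(255) PRIMARY KEY,
           username VARCHAR(64), password VARCHAR(255))');
$db->exec("INSERT INTO g_workers VALUES ('user@example.com', 'sample_user', '')");

$plain  = new_password($db, 'user@example.com');
$stored = $db->query("SELECT password FROM g_workers
                      WHERE email = 'user@example.com'")->fetchColumn();
var_dump(strlen($plain) === 10, password_verify($plain, $stored));

try {
    new_password($db, '');   // the blank address the original WHERE clause received
} catch (RuntimeException $e) {
    echo $e->getMessage(), "\n";
}
```

Calling the function before building the email, and sending the message only if it returns without throwing, keeps the mailed password and the stored hash in step.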
